I like books written by friendly people that want to share things they know with you. This is not one of those books. Stroustup doesn't even pay homage to Kernigan and Ritchie; on the contrary he essentially dismisses them and complains about the syntactical problems he ran into.Any C++ book should first tell you that of any language, C++ provides the most powerful and simplest way to [ruin] yourself.It should also tell you that because of short-sighted planning when processors had single digit mhz ratings, the language features no dynamic object management and so you're eternally worrying about copy constructors, tricks for passing things and smart pointers - none of which truly represent abstraction constructs which make you productive.And rather than risk badmouthing the language, the author suggests that no one could ever do productive programming work without using all of C++'s features which only the most senior 1% of C++ programmers really understand well enough to be productive and reliable with.Don't get me wrong; I like C++'s basic features. But I'm tired of this high-end C++ pajama party. At some point you have to ask yourself 'does this help you make better software or is it complexity for its own sake?'Instead check out Dattatari's or Eckel's books for a friendly, honest guide to the language.

Two of the leading world cryptographers take their time to show engineers of all kinds, not just programmers, how the security is to be implemented.To quote: "one of the reasons for writing this book: to get other people to understand the insidious nature of security, and how important is to do it right."The whole point of the book is to show how would the authors have built an encryption system if everything's to be done right. This means secure communication channel, key negotiation, random number generation and public key encryption. Basically what you have in this book is a blueprint for the best possible crypto system. The authors describe a few cryptographic primitives, like block ciphers and hash functions, but not a whole lot and nothing in details. The authors just pick one of each (explaining exactly why the one they picked is the best) and stick with it throughout the book. The book has surprisingly little math, if any. No details of any existing protocol in particular. A lot of (literally dozens) attacks described, at any point, on any part, and for each a cure is proposed or "no cure possible" conclusion is made. Pretty informative.Lots of advises, some more technical, some more philosophical. Lots of auxiliary info, like patents on crypto, dancing pigs :), implementation notes etc. Some chapters are about a dozen pages long. A touch, but it makes you think.Oh, and it describes Mr. Schneier's new Yarrow random generator, and what's more - a shiny new extension to it called Fortuna. Fascinating stuff if you ask me.There are some minor downsides too.First, the pseudocode which is used for describing algorithms is strikingly bad. Dear authors of computer books, even if you don't want to take any language's side, please make your code readable for programmers.Second, a few times the book goes like this: "there is that thingy, it's green and it does things". What ? I think if you even mention things, making a consistent view of what it is at least would be nice. To be specific, the book mentions but never even tries to explain: UMAC, OCB, CCM. There is a few more but I wouldn't mind omitting details on those as they are specifically marked as "stay clear off". I could have googled for them for sure, but what is the point of the book then ?Third, some of the advises, especially on programming side don't stand. I found the most useful advises the ones that begin with "Niels once had..." and "We found useful...", i.e. the advises from the field. Some other advises are too general. In the very same time the authors say something like "we (the world) don't have a clue how to write secure software". I fully agree, but why trying to squeeze in a small book thus useless advises ? Like for instance, first they say "wipe any information as soon as you no longer need it" and then "assertion failures should always lead to an abort of a program". Cleanup, huh ? Shall we just say that writing quality software takes no less books than designing proper crypto ?So, the book gets 5 out of 5, because it (1) delivers exactly what it advertises (2) provides an good coverage on the topic and (3) the authors are but the best cryptographers there are. Recommended for anyone.

Before reading this book I had no programming experience. I had been working in Unix for a few months and wanted to find a better/quicker way to accomplish tasks I kept running across, I could not find solutions to on the command-line (,and scripting would not have proved as elegant a solution). After reading the first half of this book I was able to write useful programs to address these minor issues. Some of the book seems a little out of order, and it is a little work coming from no background, but worth any difficulty encountered.